DirectAdmin Knowledge Base and Support


Directadmin and Backup encryption for GDPR compliance

13:17:19 22.05.2018

The ability to encrypt backups at all levels will be available in a new release of DirectAdmin, and it can already be tested with a pre-release binary. It was implemented for GDPR compliance.

Use the feature for backups that you store remotely. If you store encrypted backups locally, your system still stores the password used for encryption, so they can be decrypted without much effort.

DirectAdmin developers flagged the feature as BETA at the time of writing this article, so please test it first to make sure it works fine for you. We've already tested it on our end, and it works fine for us.

  • Details can be found here https://directadmin.com/features.php?id=2117

Let's Start

You can test whether DirectAdmin on your server supports this feature with the following command:

/usr/local/directadmin/directadmin c | grep allow_backup_encryption=

It's expected to see either:

allow_backup_encryption=0

or

allow_backup_encryption=1

If the command does not return anything, or returns results different from those listed above, then your DirectAdmin version is too old and does not include this feature. In that case you should update DirectAdmin or install a pre-release binary.

Allow backup encryption

To allow backup encryption please run the following command:

grep -m1 -q ^allow_backup_encryption= /usr/local/directadmin/conf/directadmin.conf && perl -pi -e "s#allow_backup_encryption=.*#allow_backup_encryption=1#" /usr/local/directadmin/conf/directadmin.conf || echo allow_backup_encryption=1 >> /usr/local/directadmin/conf/directadmin.conf

Check it once more with the same command:

/usr/local/directadmin/directadmin c | grep allow_backup_encryption=

This time we should see:

allow_backup_encryption=1

Restart directadmin:

service directadmin restart

Run backups 

Now log in as admin, reseller or user and enable backup encryption.

Now you should have a Backup Encryption field, enter your secret password there to get backups encrypted with it. Omit for no encryption.

Encrypted backups will have an .enc ending in their names:

admin.root.admin.tar.gz.enc

That's it. 

Dealing with errors 

Since it's still beta, some errors might happen.

If DirectAdmin crashes and/or a permissions issue occurs, try setting 755 permissions on the scripts:

chmod 755 /usr/local/directadmin/scripts/*crypt_file.sh

to get:

-rwxr-xr-x 1 diradmin diradmin 536 Apr 21 13:45 /usr/local/directadmin/scripts/decrypt_file.sh
-rwxr-xr-x 1 diradmin diradmin 536 Apr 21 11:53 /usr/local/directadmin/scripts/encrypt_file.sh

Insights 

The password for backups created at Admin level is stored in /usr/local/directadmin/data/admin/backup.conf (base64-encoded, not encrypted). You can see it with:

grep ^encryption_password= /usr/local/directadmin/data/admin/backup.conf | cut -d\= -f2- | base64 -d

To decrypt a backup file manually you can run the following commands:

grep ^encryption_password= /usr/local/directadmin/data/admin/backup.conf | cut -d\= -f2- | base64 -d > /root/.enc_password
cd /home/admin/admin_backups/
/usr/local/directadmin/scripts/decrypt_file.sh admin.root.admin.tar.gz.enc admin.root.admin.tar.gz /root/.enc_password

Usage:

/usr/local/directadmin/scripts/decrypt_file.sh <encryptedin> <fileout> <passwordfile>
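
The manual decryption steps above can be wrapped so that the plain-text password never stays on disk and a failed decryption is not mistaken for a restore. This is an added example, not DirectAdmin's own code; the function names and the DA_CONF / DA_DECRYPT variables are hypothetical, and it assumes the encryption_password= line format and the tar.gz backup format shown in this article.

```sh
#!/bin/sh
# Added example, not part of DirectAdmin. Defaults are the paths from the article;
# DA_CONF and DA_DECRYPT are hypothetical override variables.
DA_CONF=${DA_CONF:-/usr/local/directadmin/data/admin/backup.conf}
DA_DECRYPT=${DA_DECRYPT:-/usr/local/directadmin/scripts/decrypt_file.sh}

# Print the decoded backup password from a backup.conf (first matching line).
da_backup_password() {
    grep -m1 '^encryption_password=' "$1" | cut -d= -f2- | base64 -d
}

# decrypt_da_backup <encryptedin> <fileout>
# The body runs in a subshell so umask and the cleanup trap do not leak to the caller.
decrypt_da_backup() (
    enc=$1 out=$2
    [ -r "$enc" ] || { echo "cannot read $enc" >&2; exit 1; }
    umask 077                       # password file and output readable by owner only
    pwfile=$(mktemp) || exit 1
    trap 'rm -f "$pwfile"' EXIT     # never leave the plain-text password behind
    da_backup_password "$DA_CONF" > "$pwfile" || exit 1
    [ -s "$pwfile" ] || { echo "no encryption_password in $DA_CONF" >&2; exit 1; }
    "$DA_DECRYPT" "$enc" "$out" "$pwfile" || { rm -f "$out"; exit 1; }
    # A wrong password or a damaged file must not pass as a restore: list the archive.
    if ! tar -tzf "$out" >/dev/null 2>&1; then
        echo "decrypted output is not a valid tar.gz" >&2
        rm -f "$out"
        exit 1
    fi
)
```

Call it from the backup directory as `decrypt_da_backup admin.root.admin.tar.gz.enc admin.root.admin.tar.gz`; a non-zero exit status means no usable archive was produced.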

To encrypt a backup manually you can run the following commands (make sure to have a plain-text password in /root/.enc_password):

cd /home/admin/admin_backups/
/usr/local/directadmin/scripts/encrypt_file.sh admin.root.admin.tar.gz admin.root.admin.tar.gz.enc /root/.enc_password

Usage:

/usr/local/directadmin/scripts/encrypt_file.sh <filein> <encryptedout> <passwordfile>